These vulnerabilities are used by attackers to steal credentials from users in phishing attacks, by sending them to a genuine URL that then forwards the user to an similar-looking untrustworthy location.